<?php

class Session {
    private $fingerprint;
    
    private static $checks = array(
        'HTTP_USER_AGENT',
        'REMOTE_ADDR'
        );

    private function refresh_timeout($sec = 600) {
        $_SESSION['EXPIRES'] = time()+$sec;
    }
    
    public function restart() {
        session_regenerate_id(true);
        $_SESSION['TEST'] = $this->fingerprint;
        $this->refresh_timeout();
    }

    public function end() {
        session_destroy();
    }

    public function authenticate() {
        if ( !isset($_SESSION['TEST']) || ($_SESSION['TEST'] !== $this->fingerprint)
                || (time() > $_SESSION['EXPIRES']) )
            $this->end();  // something is goofy or the session has expired.  Destroy it.
        else $this->refresh_timeout();
    }

    public function __construct($name = 'bgSess') {
        session_name($name);
        session_start();
        $fingerprint = $name;
        foreach (self::$checks as $check) {
            if (isset($_SERVER[$check])) $fingerprint .= $_SERVER[$check];
        }
        $this->fingerprint = md5($fingerprint);
            
    }
}

?>